Krantz Secure Technologies Webinar: The Cyber Security Threats to Small and Medium Businesses

Krantz Secure Technologies is proud to have recently hosted an informative webinar on January 31 with our very own Jim Krantz presenting on the cyber security threats that face businesses in the modern world.

The webinar started by looking at the “Business of Cybercrime”, defining it as a well-organized, well-funded, professional criminal activity that is often government-sponsored – it’s BIG BUSINESS. However, in order to provide attendees with relevant insight, the webinar focused specifically on the threats to small and medium businesses:

• There are approximately 15 times the number of exploits in firms sized 10-100 employees when compared to enterprises
• Ransomware attacks have increased by 400% in 2016, with payouts that were nine times bigger than in previous years

Cybercriminals are able to do this thanks to the availability of hacking tools, communities and services online through the “Dark” or “Deep” web; the reality is that you don’t have to be an expert (or a geek) to hack anymore.

That’s why it so important to ensure you have these essential components to secure your IT infrastructure:

• Patch and update management
• Virus protection
• Backup capability
• Firewalls with Geo IP filtering
• Spam and Content filtering
• Annual external vulnerability scan
• Remote access with Two-Factor Authentication

However, one of the significant risks is the user: you and your employees. Without the right knowledge and awareness, an unsuspecting user can put the business at risk. For example, a common issue is password management:

• Using the same password for different accounts
• Sharing passwords
• Weak passwords, due to a lack of policy or to make them easier to remember

Furthermore, untrained users are easy targets for hackers and social engineering techniques, which trick the employee into giving out sensitive information, or performing a task on behalf of the cybercriminal.

A popular social engineering tactic among hackers today is “phishing”, a method in which they send fraudulent emails that appear to be from reputable company members in order to get recipients to reveal sensitive information and execute significant financial transfers. With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.

Popular versions of phishing include “spear phishing”, in which the cybercriminal focuses on and studies a specific user more directly, in order to guarantee their success; and “whaling”, which targets C-Level executives to siphon money and steal data.

Then there’s Business Email Compromise (BEC), which tricks a user into authorizing a major wire transfer of funds to a seemingly legitimate recipient. Since January 2015, the FBI has reported a 1,300% increase in instances of BEC, with only 4% of the lost funds ever being recovered.

The fact is that all these methods rely on users to click a link, open an attachment, or simply believe what they are reading in an email without confirming it in another way (such as, by calling the person the email was sent from to confirm their request for a wire transfer).

That’s why Security Awareness Training is so important. With the right training, your staff can recognize phishing emails, and avoid clicking links and opening email attachments from unverified senders.

The webinar then moved on to the topic of Mobile Device Security. Despite the ever-growing usage of mobile technology for both business and pleasure, security practices have not kept up. Given how much sensitive data is stored on and moves through you and your staff’s mobile devices, it’s vital to use security measures such as:

• Implementation of basic security measures, such as a screen lock passcode
• Remote lock and wipe capabilities
• Encryption

The webinar also touched on how popular — and unsafe — public Bluetooth and Wi-Fi usage is. Despite the convenience, using Bluetooth and Wi-Fi hotpots can be very dangerous, as cybercriminals can use them to steal information, read private messages and emails, spread viruses, and more.

Furthermore, businesses have to be aware of security concerns when it comes to the Internet of Things — like smart TVs, printers, etc. — which have little to no security and no way of updating them when new exploits are discovered. That’s why it’s vital to ensure they are isolated on their own sub-network, so that cybercriminals can’t use them as a way to access your main network and data.

To learn more the best cloud solution on the market, and to sign up for our next webinar, be sure to get in touch with Krantz Secure Technologies right away at (212) 286-0325 or ITsolutions@krantzsecure.com.